Hi. I'm using aMember free to prototype a site. I installed the htpasswd security plugin, added products, members & subscriptions, created .htaccess files (by copying from the Admin screen). However, I find I can access all protected areas whether I log in or not. I get no login popup. The .htpassword and .htgroup files were genertaed OK. I'm running Apache 1.3 under Windows XP. Here is my .htaccess file: AuthType Basic AuthName "Members Area" AuthUserFile c:\program files\apache group\apache\htdocs\amember/data/.htpasswd AuthGroupFile c:\program files\apache group\apache\htdocs\amember/data/.htgroup Require group PRODUCT_2 I tried reversing the slashes in the file paths, but it didn't help. I'm baffled. Can anyone help? TIA Brian
AllowOverride All directive in httpd.conf will fix this problem - your host is just not configured to understand .htaccess files. It may never happen on commercial Unix hosting.
Still having problems with Protection At first I was having the same problem with the directory not being protected and I tried AllowOveride All # # This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo", # "AuthConfig", and "Limit" # AllowOverride All But not can't even access the directory. I get the error message: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. I am also getting the Page Cannot be Displayed error message when I login: http://test:test@192.168.0.210/test/ Thanks!
Sorry forgot to list the server setup: Apache/1.3.29 (Win32) PHP/4.3.4 on Windows 2003 MySql and PHP are running fine Thanks again!
Your .htaccess must look like AuthType Basic AuthName "Members Area" AuthUserFile c:\progra~1\apache~1\apache\htdocs\amember/data/.htpasswd AuthGroupFile c:\progra~1\apache~1\apache\htdocs\amember/data/.htgroup Require group PRODUCT_2 If it doesn't help, read file c:\progra~1\apache~1\apache\logs/error_log Regarding "Cannot be displayed" error, please read this topic: http://www.cgi-central.net/forum/showthread.php?t=2316
My .htaccess is correct: AuthType Basic AuthName "Sport Members Only" AuthUserFile C:\Program Files\Apache Group\Apache2\htdocs\amember/data/.htpasswd AuthGroupFile C:\Program Files\Apache Group\Apache2\htdocs\amember/data/.htgroup Require group PRODUCT_1 And I just tried the IE 6.0 fix. Instead of the Cannot Display Message, it gives me an Internal Server Error now. I think this fix was for the aMember Pro version. I am still testing on the Amember Free version. Any suggestions? Thanks for the great support you are providing. It this works I will definitely upgrade to the Pro version.
at least try to put filenames in quotes, but you would better follow my first advice. Try this: AuthType Basic AuthName "Sport Members Only" AuthUserFile "C:\Program Files\Apache Group\Apache2\htdocs\amember/data/.htpasswd" AuthGroupFile "C:\Program Files\Apache Group\Apache2\htdocs\amember/data/.htgroup" Require valid-user
The " " worked! AuthType Basic AuthName "Members Only" AuthUserFile "C:\Program Files\Apache Group\Apache\htdocs\amember/data/.htpasswd" AuthGroupFile "C:\Program Files\Apache Group\Apache\htdocs\amember/data/.htgroup" Require group PRODUCT_1 But now I am getting the following in the Error log. [Thu Feb 26 17:24:01 2004] [error] [client 192.168.0.210] user test: authentication failure for "/test/": password mismatch [Thu Feb 26 17:27:40 2004] [error] [client 192.168.0.210] user test2: authentication failure for "/test/": password mismatch I know the password is correct, because I signed up twice with the following: test/test test2/test2 Getting there...
Here is some of the Error Log I forgot to add. [Thu Feb 26 17:39:25 2004] [error] [client 192.168.0.210] client denied by server configuration: c:/program files/apache group/apache/htdocs/amember/data [Thu Feb 26 17:39:25 2004] [error] [client 192.168.0.210] client denied by server configuration: c:/program files/apache group/apache/htdocs/amember/smarty [Thu Feb 26 17:39:25 2004] [error] [client 192.168.0.210] client denied by server configuration: c:/program files/apache group/apache/htdocs/amember/templates [Thu Feb 26 17:39:25 2004] [error] [client 192.168.0.210] client denied by server configuration: c:/program files/apache group/apache/htdocs/amember/templates_c [Thu Feb 26 17:39:29 2004] [error] [client 192.168.0.210] user test: authentication failure for "/test/": password mismatch Thanks again!
I was playing around with Amember and reconfigured it to not use password encryption in .htaccess. test:test test2:test2 test3:test3 test4:test4 Now the login.php and member.php works. But it pops up the ugly login windows even after logging into the site. But after entering it into the popup window I am able to get in the protected directory. Yippee!!!! Problems: 1. I really don't want to use an uncrypted .htaccess datafile 2. How do I get rid of that ugly popup window? =)
1. Not-encrypted passwords required by Windows Apache - I believe it was mentioned during setup. On Unix, passwords will be encrypted. 2. If you read sticked topic in this forum, you will see that Microsoft killed latest ability to get rid of popup box and still use htpasswd. Hopefully, aMember (one in the industry!) allow you to use alternative, advanced methods of protection. One from them called "mod_rewrite+php_include" and you can read about in aMember Pro manual.
Is there an alternative to not having the .htaccess encrypted? I read about mod_auth_mysql module, can this be used alone or with mod_rewrite+php_include on Windows Apache to protect directories?